How safe are you?
By Agata Nowakowska
October is traditionally associated with the celebration of witch’s brew and breweries, of ghosts and ghouls, kegs and beer tents. So whether it is the treat or the “liquid gold” that whets your appetite, October has something to offer everyone.
In more recent years, as European Cyber Security Month, October has also become the month dedicated to drawing attention to safety on the net, where wearing a black hat has a rather more sinister and serious significance.
This year the campaign’s theme is: Stop. Think. Connect. The goal of the campaign is to raise awareness of cyber security threats, promote cyber security among citizens and organisations, and provide resources for everyone to protect themselves online through education and the sharing of good practice.
A recent UK government report (Cyber Governance Health Check) found that:
- Almost 70% of Britain’s top business leaders have received no training in how to respond to a cyberattack.
- Of Britain’s top 350 businesses, 10% operate without a cyber incident response plan.
- Two-thirds of boards are not kept updated with cyber security risk information.
These figures only reinforce how ill-prepared the vast majority of organisations are for what is essentially a very commonplace risk: one that more than half of them identified as a top risk, and yet one that few are apparently preparing for.
That this is the case is a cause for alarm.
New research from the ISP Beaming estimates that cyber-attacks may have cost UK businesses as much as £30 billion in 2016. Over half of all British businesses fell victim to some sort of attack, with larger companies more susceptible. Phishing and viruses were the most common threats, affecting nearly a quarter (23%) of those surveyed, while 18% suffered a hack or data breach. Although ransomware affected fewer organisations, its financial impact was greater, at £7.3 billion versus £5.9 billion. In fact, it was judged to have cost UK firms considerably more than social engineering (£5.3bn), denial of service (£4.6bn), breaches (£916m) or viruses (£5bn).
To tackle this problem, in February the UK government opened the National Cyber Security Centre to provide support, guidance and how-tos on all matters to do with online security. With regard to ransomware, the site offers these simple steps:
#1 Keep your organisation’s security software patches up to date
#2 Use proper antivirus software services
#3 Most importantly for ransomware, back up the data that matters to you, because you can’t be held to ransom for data you hold somewhere else.
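The third step only holds if the copy really is somewhere else: a backup on a share the infected machine can write to is just one more file for the ransomware to encrypt, and a backup nobody has ever restored from is a hope rather than a plan. The script below is an added illustration for this post, not NCSC or Skillsoft code, of the two checks that make a backup worth having: it records a SHA-256 manifest alongside the archive, then proves the archive restores cleanly by extracting it to scratch space and re-hashing every file. The sample files and the "offsite" directory are constructed inline; in practice the destination would be storage the production host cannot modify.

```python
"""Backup-and-verify helper (added example, not part of the NCSC guidance).

Packs a directory into a tar.gz archive, records a sha256sum-compatible
manifest beside it, and verifies the archive by restoring to a scratch
directory and comparing every hash. demo() shows that after the live copy
is overwritten (standing in for ransomware), the offsite copy still verifies.
"""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_for(root: Path) -> dict:
    """Map each regular file under root (path relative to root) to its SHA-256."""
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_backup(source: Path, dest_dir: Path) -> tuple:
    """Archive `source` into dest_dir; return (archive_path, manifest)."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = dest_dir / "backup.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    manifest = manifest_for(source)
    # The manifest lives with the archive, not on the source host, so a
    # restore can be checked even if the source has since been tampered with.
    (dest_dir / "backup.sha256").write_text(
        "".join(f"{digest}  {name}\n" for name, digest in manifest.items())
    )
    return archive, manifest


def verify_restore(archive: Path, expected: dict) -> bool:
    """Extract the archive to scratch space and confirm the restored tree
    matches the manifest exactly: same files, same hashes, nothing extra."""
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                # 'data' filter refuses absolute paths, '..' traversal and
                # device nodes; older Pythons lack the keyword.
                tar.extractall(scratch, filter="data")
            except TypeError:
                tar.extractall(scratch)
        return manifest_for(Path(scratch)) == expected


def demo() -> bool:
    """Constructed scenario: back up, wreck the live copy, restore-check."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "finance"
        (src / "2016").mkdir(parents=True)
        (src / "2016" / "ledger.csv").write_text("date,amount\n2016-10-01,42\n")
        (src / "notes.txt").write_text("constructed sample data\n")
        archive, manifest = make_backup(src, Path(tmp) / "offsite")

        # Stand-in for ransomware on the live host: every file overwritten.
        for p in src.rglob("*"):
            if p.is_file():
                p.write_bytes(os.urandom(64))

        live_intact = manifest_for(src) == manifest       # False after overwrite
        backup_good = verify_restore(archive, manifest)   # True: copy was elsewhere
        return backup_good and not live_intact


if __name__ == "__main__":
    print("offsite backup restores cleanly:", demo())
```

The restore test is the part most organisations skip; running it on a schedule, against a copy the production systems cannot write to, is what turns "we have backups" into "we cannot be held to ransom".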
However, despite the abundance of readily available information that could protect companies, breaches continue to occur, and some of them are avoidable. To combat this, there are now proposals to fine companies that fail to take preventative measures. While such a recourse is seen as a “last resort”, the hope is that the mere suggestion of it will add further motivation and encourage companies to be more proactive.
How Training can Safeguard against Cyber Security Threats
What is striking is that this reluctance to invest in training or to implement a cohesive plan persists even though investment in training bears fruit: the figures cited suggest increased investment in training can reduce the risk of a cyberattack by 45% to 70%.
Of course, some might ask: where do I start? What can a company do with employees who have very little IT knowledge or expertise? The business owner may also have very little knowledge or understanding of the subject and so be unable to select the relevant learning.
Michael Kaiser, Executive Director of the National Cyber Security Alliance, offers the following advice:
- Offer Phishing and Spam training
- Create an Acceptable use Policy
- Provide strong password training
- Teach Employees to report problems
- Use proper device management
- Give remote access and WiFi training
And remember this key point, one that far too many people overlook: a cyberattack can happen in any department, so training only your IT people is not sufficient. Cyber criminals are not selective, and they will gain access through phishing or social engineering as easily and as frequently as by hacking your firewall.
In addition to offering training to all employees, it is critical that your IT department has IT professionals who possess the skills and knowledge needed to protect your organization's data and systems. This is a more sophisticated and in-depth level of training and usually involves the pursuit of professional qualifications.
To help you with this here is a list of Skillsoft’s most popular certification courses:
- Certified Ethical Hacker (CEH) – you simulate real attackers’ attempts to break into your network, to discover vulnerabilities before a real attacker finds them
- CompTIA cybersecurity certifications (Security+, CompTIA Cybersecurity Analyst (CSA+), CompTIA Advanced Security Practitioner (CASP))
- Cisco certifications in security (CCNP Security or CCNA Security)
- ISC2 certifications (Certified Information Systems Security Professional (CISSP))
Training and a greater awareness of the risks will reduce the risk of a successful cyberattack, or even deter one, and while there is always some new threat, taking measures to educate your employees is the first important and valuable step in the war on hackers.
For information on these or any of our IT learning, click here for a free demo.
Agata Nowakowska is the vice president of Sales for Skillsoft in the UK.